This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:STC:ATL:OWC
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Microsoft Outlook OWC Unsafe ActiveX Control (ATL)
|
Release Date |
2009/10/13
|
Update Number |
1523
|
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Microsoft Outlook OWC Unsafe ActiveX Control (ATL)
This signature detects attempts to use unsafe ActiveX controls in Microsoft Outlook Web Components. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library (ATL).
Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- Hp hp_proliant_support_pack 8.30
- Microsoft dhtml_editing_component_activex_control
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 5.0.1 For Windows 2000
- Microsoft internet_explorer 5.0.1 For Windows 95
- Microsoft internet_explorer 5.0.1 For Windows 98
- Microsoft internet_explorer 5.0.1 For Windows NT 4.0
- Microsoft internet_explorer 5.0.1 SP1
- Microsoft internet_explorer 5.0.1 SP2
- Microsoft internet_explorer 5.0.1 SP3
- Microsoft internet_explorer 5.0.1 SP4
- Microsoft internet_explorer 6.0
- Microsoft internet_explorer 6.0 SP1
- Microsoft microsoft_mswebdvd_activex_control
- Microsoft outlook_2002 SP3
- Microsoft outlook_2003 SP3
- Microsoft outlook_2007_sp1
- Microsoft outlook_2007_sp2
- Microsoft outlook_express 5.5
- Microsoft outlook_express 5.5 SP1
- Microsoft outlook_express 5.5 SP2
- Microsoft outlook_express 6.0
- Microsoft outlook_express 6.0 SP1
- Microsoft visio_viewer SP2
- Microsoft visio_viewer
- Microsoft visio_viewer
- Microsoft visual_c++_2005 SP1
- Microsoft visual_c++_2005_redistributable_package SP1
- Microsoft visual_c++_2005_redistributable_package
- Microsoft visual_c++_2008 SP1
- Microsoft visual_c++_2008
- Microsoft visual_c++_2008_redistributable_package SP1
- Microsoft visual_c++_2008_redistributable_package
- Microsoft visual_studio_2005 SP1
- Microsoft visual_studio_2005_64-bit_hosted_visual_c++_tools SP1
- Microsoft visual_studio_2005_professional_edition
- Microsoft visual_studio_2005_standard_edition
- Microsoft visual_studio_2005_team_edition
- Microsoft visual_studio_2005_team_edition_for_architects
- Microsoft visual_studio_2005_team_edition_for_developers
- Microsoft visual_studio_2005_team_edition_for_testers
- Microsoft visual_studio_2008 SP1
- Microsoft visual_studio_2008
- Microsoft visual_studio_.net_2003 SP1
- Microsoft visual_studio_.net_2003
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_professional
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_server SP2
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_itanium-based_systems
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_atl_component
- Microsoft windows_ce 6.0
- Microsoft windows_live_messenger 14.0
- Microsoft windows_live_messenger 8.0
- Microsoft windows_live_messenger 8.1
- Microsoft windows_live_messenger 8.5
- Microsoft windows_live_messenger
- Microsoft windows_live_messenger_2009
- Microsoft windows_media_player 10.0
- Microsoft windows_media_player 11
- Microsoft windows_media_player 9.0
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_x64 SP1
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition Release Candidate
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Beta
- Microsoft windows_vista Business
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Business SP2
- Microsoft windows_vista Enterprise
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP1
- Microsoft windows_vista SP2
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_vista
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_vista_business_64-bit_edition
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp
- Microsoft windows_xp_embedded SP1
- Microsoft windows_xp_embedded SP2
- Microsoft windows_xp_embedded SP3
- Microsoft windows_xp_embedded
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_home
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_professional
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_xp_professional_x64_edition SP3
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_tablet_pc_edition
- Nortel_networks callpilot 1002Rp
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 200I
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 202I
- Nortel_networks callpilot 600R
- Nortel_networks callpilot 702T
- Nortel_networks callpilot 703T
- Nortel_networks communication_control_toolkit 5.0
- Nortel_networks communication_control_toolkit 6.0
- Nortel_networks communication_control_toolkit 7.0
- Nortel_networks communication_control_toolkit
- Nortel_networks contact_center
- Nortel_networks contact_center_administration
- Nortel_networks contact_center_administration_ccma 6.0
- Nortel_networks contact_center_administration_ccma 7.0
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager_server 6.0
- Nortel_networks contact_center_manager_server 7.0
- Nortel_networks contact_center_manager_server
- Nortel_networks contact_center_multimedia
- Nortel_networks contact_center_multimedia_&_outbound 6.0
- Nortel_networks contact_center_multimedia_&_outbound 7.0
- Nortel_networks contact_center_ncc
- Nortel_networks contact_center-tapi_server
- Nortel_networks linkplexer 6.0
- Nortel_networks media_processing_server
- Nortel_networks media_processing_svr_100
- Nortel_networks media_processing_svr_1000_rel 3.0
- Nortel_networks media_processing_svr_500_rel 3.0
- Nortel_networks multimedia_comm_mas
- Nortel_networks self-service
- Nortel_networks self-service-ccss7
- Nortel_networks self-service_ccxml
- Nortel_networks self-service_media_processing_server
- Nortel_networks self-service_mps_100
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_peri_application
- Nortel_networks self-service_peri_workstation
- Nortel_networks self-service_speech_server
- Nortel_networks self_service_voicexml
- Nortel_networks self-service_wvads
- Nortel_networks symposium_agent
- Nortel_networks symposium_express_contact_center 4.2
- Pardus linux_2009
- Suse novell_linux_pos 9
- Suse open-enterprise-server
- Suse suse_linux_enterprise 11
- Suse suse_linux_enterprise_desktop 10 SP2
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_server 10 SP2
- Suse suse_linux_enterprise_server 10 SP3
- Suse suse_linux_enterprise_server 11
- Suse suse_linux_enterprise_server 9
References